-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create security.md #253
base: main
Are you sure you want to change the base?
Create security.md #253
Conversation
Risk is determined through internal scoring using CVSSv3.1 (https://www.first.org/cvss/calculator/3.1). | ||
|
||
### Security Advisories | ||
Notifications and descriptions of security incidents are available here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be clear, at loss of a better solution, are you recommended that the list of Security Advisories related to Solid will be currated manually as a list:
- inside this present document; or;
- in an external
security-advisories.md
?
I would probably have a slight preference for the latter.
security.md
Outdated
[email protected] | ||
Submit an issue to our team on github |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure which repo these issues belong on.
[email protected] | |
Submit an issue to our team on github | |
Please submit any issues to [our team on github](needs_the_repo/issues/), or email <[email protected]>. |
security.md
Outdated
* Accessing, or attempting to access, data or information that does not belong to you | ||
* Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you | ||
|
||
Software often contains third party or open source libraries and binaries. Prior to submitting a request to validate how a security issue in third party components may impact Solid, please review the section on third party CVE handling. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Software often contains third party or open source libraries and binaries. Prior to submitting a request to validate how a security issue in third party components may impact Solid, please review the section on Handling Third Party CVE (Common Vulnerabilities and Exposures).
Risk is determined through internal scoring using CVSSv3.1 (https://www.first.org/cvss/calculator/3.1). | ||
|
||
### Security Advisories | ||
Notifications and descriptions of security incidents are available here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Notifications and descriptions of security incidents are available here. | |
Notifications and descriptions of security incidents are available [here](needs_a_link_to_document_or_directory). |
### Security Advisories | ||
Notifications and descriptions of security incidents are available here. | ||
|
||
Security Advisories and other security content are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Inrupt reserves the right to change or update this content without notice at any time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inrupt.com? Or solidproject.org? This document is starting to exhibit a split personality...
Co-authored-by: Matthieu Bosquet <[email protected]>
Co-authored-by: Matthieu Bosquet <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
new page to explain a process how to report vulnerabilities and what advisories will look like